As discussed in #165, the RSA decryption is not secure against side-channel attacks. Even if we implement the OAEP support (#68) the serialisation of integer to bytes may provide enough of a sidechannel to mount an attack.

So I was thinking if the code shouldn't try to use pyca/cryptography instead for performing the decryption operations, and rise a UserWarning in case pyca/cryptography is unavailable.